
How does the remember me feature work?

The definition of the "Remember Me" feature is:

When you check the "Remember Me" checkbox at the Portal Login page, your login will be remembered for some days, even after you close your browser. The next time you open the same browser within that time period, you will be automatically logged in.

I did not get how it actually works internally.

Say I hit app1 and log in with my credentials. The web server creates the user object and stores it in the session. Now whenever I hit app1 from tabs (same or different) of the same browser instance, cookies will be sent to and fro. Makes sense.

But once I close the browser, open a new window, and hit app1, a new set of cookies will be sent (not the previous ones) and the web server will create a new session and ask for the credentials.

So I am really not getting how remember me works once the browser is closed and a new window is opened?

emilly asked Feb 22 '15 12:02


People also ask

Is the Remember Me feature safe?

Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It's safe to use on trusted computers, and lasts for 30 days.

How does Remember Me work in Laravel?

Laravel authentication offers remember me functionality out of the box. In order to use it you need to do 2 things: add a remember_token column to your users table (this is where the token will be stored), and pass true as the second parameter of Auth::attempt() to enable remember me behaviour.

How do sites remember me?

Typically it's done via a cookie. Upon user login, a cookie is set with a specific (cryptographically secure) code (typically NOT including the user's password or any derivation thereof, but instead a hash that is used to look for the user), which is sent with each request.

How does remember me work in PHP?

A more secure way to implement the remember me feature is to store a random token instead of a user id in both cookies and database server. When users access the web application, you match the cookies' tokens with those stored in the database. Also, you can check the token's expiration time.


1 Answer

The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.

When the user opens the browser again and goes back to the app, the browser sends this cookie, and the server finds if any user has this cookie in the database. If the user is found, he's automatically authenticated and a new session is started for this cookie.

JB Nizet answered Sep 22 '22 18:09
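The flow described in the answer above, as an added Python example that is not part of the original answer: a persistent cookie (one with `Max-Age`) survives a browser restart, and the server maps it back to a user and starts a fresh session. Assumptions: in-memory dicts stand in for the database and session store, all names are hypothetical, and storing only a hash of the token plus rotating it on use are hardening choices added here.

```python
import hashlib, secrets, time
from http.cookies import SimpleCookie

REMEMBER_TTL = 30 * 24 * 3600   # assumed lifetime: 30 days
remember_db = {}                # sha256(token) -> (user_id, expires_at); stands in for a DB table
sessions = {}                   # session_id -> user_id; stands in for the session store

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_remember_cookie(user_id, now=None):
    """Call after a successful password login with "Remember Me" ticked."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)            # random, carries no user data
    remember_db[_digest(token)] = (user_id, now + REMEMBER_TTL)
    cookie = SimpleCookie()
    cookie["remember_me"] = token
    cookie["remember_me"]["max-age"] = REMEMBER_TTL  # Max-Age makes the browser save it to disk
    cookie["remember_me"]["httponly"] = True
    cookie["remember_me"]["secure"] = True
    cookie["remember_me"]["samesite"] = "Lax"
    cookie["remember_me"]["path"] = "/"
    return token, cookie.output(header="Set-Cookie:")

def login_from_cookie(cookie_header, now=None):
    """Call when a request arrives without a valid session cookie."""
    now = time.time() if now is None else now
    jar = SimpleCookie(cookie_header)
    if "remember_me" not in jar:
        return None                               # fall back to the login form
    # pop() makes each token single use: a replayed copy no longer matches.
    record = remember_db.pop(_digest(jar["remember_me"].value), None)
    if record is None or record[1] < now:
        return None                               # unknown or expired token
    user_id = record[0]
    session_id = secrets.token_urlsafe(32)        # new session for the new browser window
    sessions[session_id] = user_id
    _, set_cookie = issue_remember_cookie(user_id, now)  # rotate the token
    return user_id, session_id, set_cookie
```

The session cookie itself is sent without `Max-Age`, which is why it disappears when the browser closes while `remember_me` does not.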